As part of its investigation into competition in the UK’s retail banking sector, the UK government’s Competition and Markets Authority has implemented open banking. Once this takes effect, bank customers will be able to view all their accounts, payments and bills in one place, for example on an application programming interface through a third-party provider.
Open banking aims to give customers more control over their finances while supporting an emerging market of third-party products and services. At the same time, the second Payment Services Directive (PSD2) will require all payment account providers across the EU to grant access to third parties. PSD2 therefore goes further than open banking, because it applies to all payment accounts and not just current accounts.
Almost all regulations brought in since 2008 have focused on tightening the operating model of the banking industry. PSD2 on the other hand requires firms to open up their payments infrastructure and consumer data assets, making it one of the most challenging regulatory changes in recent times, and one for which the solutions are far from obvious.
Convenience versus protection
While PSD2 will improve convenience and access for customers, the competitive, regulatory and operational pressures for firms are set to increase, thanks to the threat of new types of fraud and cyber attacks aimed at obtaining personal information.
The open nature of banking and payments will require a different approach to maintaining the balance between speed and convenience on the one hand with security on the other.
PSD2’s core objectives include enhancing consumer protection against fraud. It aims to do this by requiring stronger customer authentication procedures and enhanced secure data communication. Today’s systems rely on customers interacting with their bank directly, which means firms can process all the information needed to establish whether a transaction is fraudulent. Under PSD2, many customers will no longer be using their firm’s digital banking websites at all, reducing the amount of data available to input into fraud detection and prevention systems.
In an increasing number of situations, firms are required to foot the bill for losses as a result of financial fraud. With the factors above at play these liabilities may require further financial resources to be set aside.
The solution
Firms are already responding to increasingly sophisticated frauds by investing significant sums into fraud prevention and detection. They will also need to perform proactive transaction monitoring and develop rules suitable for their own manner of working to continue to prevent fraud.
Under PSD2, firms can block third-party access to accounts if they have evidence that the activity is unauthorised or fraudulent. Systems will need to be designed to deal with these challenges in a balanced and proportionate way to avoid unnecessary interruptions to customers, while ensuring appropriate levels of protection.
However, fraud detection and prevention systems only go so far. Customer education is also likely to have a significant role to play, feeding into the ongoing debate regarding liability.
It is encouraging to see that firms have already taken steps to raise the bar on financial education. Earlier this year, Barclays launched a £10m ($13.3m) advertising campaign alerting the public to the risk of fraud. More recently, industry body UK Finance has invested in the Take Five to Stop Fraud campaign, to raise awareness of scams and explain how customers can protect themselves.
The banker-customer relationship is moving into a new era of service capability and communication. The more educated everyone is around the impact of transacting in this style, the better placed we will all be to maximise its potential and close the door to anything and anyone that might hinder this progress.
Jonathan Hoey is a partner at UK law firm TLT. He was assisted by Alanna Tregear, solicitor at TLT.
